Bug 260609 - rc.firewall options nologports but no logports ?
Summary: rc.firewall options nologports but no logports ?
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: 13.0-STABLE
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-rc (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-22 14:12 UTC by Karrakis
Modified: 2024-12-14 02:21 UTC

See Also:


Description Karrakis 2021-12-22 14:12:10 UTC
Hello,

When configuring the firewall with type workstation, we can log nothing, log everything (capped at 500 log entries), or log everything except some tcp/udp ports. It's not possible to log only some specific ports except by using a firewall script, but that's a great loss in terms of configuration readability.

Is there a way to implement an rc variable firewall_logports or firewall_forcelogports and, for example, create rules accordingly:

  # Proposed addition to the "workstation" section of rc.firewall: deny and
  # log inbound traffic to the listed ports only, instead of logging all
  # denied traffic (firewall_logdeny) or everything but a list of ports
  # (firewall_nologports). These rules must come before the final catch-all
  # deny rule, otherwise they are never matched.
  if [ -n "${firewall_logports}" ] ; then
    # ipfw only writes log entries when this sysctl is enabled.
    sysctl net.inet.ip.fw.verbose=1 >/dev/null
    log="log logamount 500"   # The default of 100 is too low.
    for i in ${firewall_logports} ; do
      ${fwcmd} add deny $log ip from any to me $i in
    done
  fi

?

Best regards
Nicolas
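The following is an added dry-run illustration (not from the bug report or from FreeBSD's rc.firewall) of how the proposed firewall_logports variable would sit beside the existing firewall_logdeny and firewall_nologports knobs of the workstation type; fwcmd is set to echo so the generated ipfw rules are printed instead of loaded, and the nologports and catch-all lines are simplified approximations of rc.firewall, not copies of it.

```shell
#!/bin/sh
# Constructed rc.conf settings for this example.
firewall_logdeny="NO"          # existing: do not log the final catch-all deny
firewall_logports="22 3389"    # proposed: deny AND log inbound to these ports
firewall_nologports="135 445"  # existing: deny these ports silently

# Dry run: print rules instead of loading them into the kernel.
fwcmd="echo ipfw"

# Emit the deny section of a workstation ruleset in the order that makes the
# per-port logging rules effective: specific rules first, catch-all last.
workstation_deny_rules() {
    # The real script would also run: sysctl net.inet.ip.fw.verbose=1
    if [ -n "${firewall_logports}" ]; then
        log="log logamount 500"   # the default of 100 is too low
        for i in ${firewall_logports}; do
            ${fwcmd} add deny $log ip from any to me $i in
        done
    fi
    if [ -n "${firewall_nologports}" ]; then
        for i in ${firewall_nologports}; do
            ${fwcmd} add deny ip from any to me $i in
        done
    fi
    # Catch-all deny; logged only when firewall_logdeny is set to yes.
    case "${firewall_logdeny}" in
    [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1)
        ${fwcmd} add deny log logamount 500 ip from any to me in ;;
    *)
        ${fwcmd} add deny ip from any to me in ;;
    esac
}

workstation_deny_rules
```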